Hi,

Name: CVE-2008-2712
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
Reference: BUGTRAQ:20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493352/100/0/threaded
Reference: BUGTRAQ:20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493353/100/0/threaded
Reference: MISC:http://www.rdancer.org/vulnerablevim.html
Reference: MLIST:[oss-security] CVE Id request: vim
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/16/2

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw.

Please reference this CVE id in the changelog when closing the bug.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
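
A heuristic audit for the pattern the CVE description names (script values concatenated into execute or system() without quoting), as an added example that is not part of the original mail or of Vim's own code. The sample script is constructed, and treating shellescape()/fnameescape() as the expected quoting and the listed operand forms as the inputs of interest are assumptions of this example.

```python
import re

# Sinks named in the CVE text: :execute (abbreviable down to :exe) and system().
SINK = re.compile(r'^\s*(?:sil(?:ent)?!?\s+)?exe(?:c(?:u(?:te?)?)?)?\b|\bsystem\s*\(')
# String literals carry no variable data; drop them before looking for operands.
STRING = re.compile(r"'(?:[^']|'')*'|\"(?:\\.|[^\"\\])*\"")
# Vim built-ins that quote a value for the shell / for an Ex command line.
ESCAPED = re.compile(r'\b(?:shellescape|fnameescape)\s*\((?:[^()]|\([^()]*\))*\)')
# Operands that can carry file names or buffer text into the command (assumed list).
TAINT = re.compile(r'\b[abglstw]:\w+|\b(?:expand|getline|bufname|input)\s*\(')

def audit(script):
    """Return (line_number, text) for sink calls built from unescaped operands."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith('"'):        # full-line Vim comment
            continue
        if not SINK.search(line):
            continue
        # Remove literals first, then anything already wrapped in an escaper.
        rest = ESCAPED.sub('', STRING.sub('', line))
        if TAINT.search(rest):
            findings.append((no, line.strip()))
    return findings

# Constructed sample, not taken from any of the runtime files the CVE lists.
SAMPLE = r'''
" exe "!" . a:cmd    (comment, ignored)
function! s:Open(fname)
  exe "silent !unzip -l " . a:fname
  exe "silent !unzip -l " . shellescape(a:fname, 1)
  let out = system("file " . expand("%"))
  let out = system("file " . shellescape(expand("%")))
  execute "edit " . fnameescape(a:fname)
  execute "normal! gg"
endfunction
'''

if __name__ == "__main__":
    for no, text in audit(SAMPLE):
        print(f"line {no}: unescaped operand reaches execute/system: {text}")
```

The check is line-based and will miss values assembled over several statements, so a hit is a prompt for manual review rather than proof of a bug.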